Re: Is ttsh still OK?

From: Ben Webb (ben@bellatrix.pcl.ox.ac.uk)
Date: 12/20/02

• Next message: Security Alert: "SSRT2432 Security Vulnerability in smrsh (rev.1)"
• Previous message: Jay G. Scott: "Re: sudo and command line expansion"
• In reply to: Felix Havemann: "Re: Is ttsh still OK?"
• Next in thread: Jostein Tveit: "Re: Is ttsh still OK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Ben Webb <ben@bellatrix.pcl.ox.ac.uk>
Date: Fri, 20 Dec 2002 11:57:12 +0000 (UTC)

On Thu, 19 Dec 2002 20:27:30 +0000 (UTC), Felix Havemann
<blackandwhite.nospam@felixthecat.de> wrote:
> Why should putty be upgraded if you use it as client only?

Because you can be compromised by connecting to a malicious server.

> If you use OpenSSH on your server you should, no: you must upgrade to
> the latest version, at least 3.4p1 (although 3.5 ist out already).

The CERT advisory (CA-2002-36) believes that no version of OpenSSH is
vulnerable. You should, however, be running 3.4 or 3.5 already anyway,
due to the OpenSSH problems that were discovered a few months ago.

        Ben

-- 
ben@bellatrix.pcl.ox.ac.uk           http://bellatrix.pcl.ox.ac.uk/~ben/
"'In a sense,' he said, 'you're alone here, so if jump you best jump far'"

---

• Next message: Security Alert: "SSRT2432 Security Vulnerability in smrsh (rev.1)"
• Previous message: Jay G. Scott: "Re: sudo and command line expansion"
• In reply to: Felix Havemann: "Re: Is ttsh still OK?"
• Next in thread: Jostein Tveit: "Re: Is ttsh still OK?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.unix  > 2002-12